package org.simplejavamail.internal.smimesupport;

import jakarta.mail.MessagingException;
import jakarta.mail.Multipart;
import jakarta.mail.Session;
import jakarta.mail.internet.ContentType;
import jakarta.mail.internet.InternetHeaders;
import jakarta.mail.internet.MimeBodyPart;
import jakarta.mail.internet.MimeMessage;
import jakarta.mail.internet.MimeMultipart;
import jakarta.mail.internet.MimePart;
import jakarta.mail.util.ByteArrayDataSource;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Store;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.simplejavamail.api.email.AttachmentResource;
import org.simplejavamail.api.email.OriginalSmimeDetails;
import org.simplejavamail.api.internal.outlooksupport.model.OutlookMessage;
import org.simplejavamail.api.internal.outlooksupport.model.OutlookSmime;
import org.simplejavamail.api.internal.smimesupport.builder.SmimeParseResult;
import org.simplejavamail.api.internal.smimesupport.model.AttachmentDecryptionResult;
import org.simplejavamail.api.internal.smimesupport.model.SmimeDetails;
import org.simplejavamail.api.mailer.config.Pkcs12Config;
import org.simplejavamail.internal.modules.SMIMEModule;
import org.simplejavamail.internal.smimesupport.builder.SmimeParseResultBuilder;
import org.simplejavamail.internal.smimesupport.model.OriginalSmimeDetailsImpl;
import org.simplejavamail.internal.smimesupport.model.SmimeDetailsImpl;
import org.simplejavamail.utils.mail.smime.SmimeKey;
import org.simplejavamail.utils.mail.smime.SmimeKeyStore;
import org.simplejavamail.utils.mail.smime.SmimeState;
import org.simplejavamail.utils.mail.smime.SmimeUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/simplejavamail/internal/smimesupport/SMIMESupport.class */
public class SMIMESupport implements SMIMEModule {
    private static final Logger LOGGER = LoggerFactory.getLogger(SMIMESupport.class);
    private static final List<String> SMIME_MIMETYPES = Arrays.asList("application/pkcs7-mime", "application/x-pkcs7-mime", "multipart/signed");
    private static final Map<Pkcs12Config, SmimeKey> SIMPLE_SMIMESTORE_CACHE = new HashMap();

    public SmimeParseResultBuilder decryptAttachments(@NotNull List<AttachmentResource> list, @NotNull OutlookMessage outlookMessage, @Nullable Pkcs12Config pkcs12Config) {
        SmimeParseResultBuilder smimeParseResultBuilder = new SmimeParseResultBuilder();
        if (outlookMessage.getSmimeMime() instanceof OutlookSmime.OutlookSmimeApplicationSmime) {
            OutlookSmime.OutlookSmimeApplicationSmime smimeMime = outlookMessage.getSmimeMime();
            smimeParseResultBuilder.m4getOriginalSmimeDetails().completeWith(OriginalSmimeDetailsImpl.builder().smimeMime(smimeMime.getSmimeMime()).smimeType(smimeMime.getSmimeType()).smimeName(smimeMime.getSmimeName()).build());
        } else if (outlookMessage.getSmimeMime() instanceof OutlookSmime.OutlookSmimeMultipartSigned) {
            OutlookSmime.OutlookSmimeMultipartSigned smimeMime2 = outlookMessage.getSmimeMime();
            smimeParseResultBuilder.m4getOriginalSmimeDetails().completeWith(OriginalSmimeDetailsImpl.builder().smimeMime(smimeMime2.getSmimeMime()).smimeProtocol(smimeMime2.getSmimeProtocol()).smimeMicalg(smimeMime2.getSmimeMicalg()).build());
        }
        decryptAttachments(smimeParseResultBuilder, list, pkcs12Config);
        if (smimeParseResultBuilder.m4getOriginalSmimeDetails().getSmimeMode() == OriginalSmimeDetails.SmimeMode.SIGNED) {
            smimeParseResultBuilder.m4getOriginalSmimeDetails().completeWithSmimeSignatureValid(smimeParseResultBuilder.getSmimeSignedOrEncryptedEmail() != null);
        }
        return smimeParseResultBuilder;
    }

    public SmimeParseResultBuilder decryptAttachments(@NotNull List<AttachmentResource> list, @NotNull MimeMessage mimeMessage, @Nullable Pkcs12Config pkcs12Config) {
        SmimeParseResultBuilder smimeParseResultBuilder = new SmimeParseResultBuilder();
        initSmimeMetadata(smimeParseResultBuilder, mimeMessage);
        decryptAttachments(smimeParseResultBuilder, list, pkcs12Config);
        finalizeSmimeMetadata(smimeParseResultBuilder, mimeMessage);
        return smimeParseResultBuilder;
    }

    private void initSmimeMetadata(SmimeParseResultBuilder smimeParseResultBuilder, @NotNull MimeMessage mimeMessage) {
        try {
            if (mimeMessage.getHeader("Content-Type", (String) null) != null) {
                ContentType contentType = new ContentType(mimeMessage.getHeader("Content-Type", (String) null));
                if (SmimeRecognitionUtil.isSmimeContentType(contentType)) {
                    smimeParseResultBuilder.m4getOriginalSmimeDetails().completeWith(OriginalSmimeDetailsImpl.builder().smimeMime(contentType.getBaseType()).smimeType(contentType.getParameter("smime-type")).smimeName(contentType.getParameter("name")).smimeProtocol(contentType.getParameter("protocol")).smimeMicalg(contentType.getParameter("micalg")).build());
                }
            }
        } catch (MessagingException e) {
            throw new SmimeException("Error reading S/MIME Content-Type header from MimeMessage", e);
        }
    }

    private void finalizeSmimeMetadata(SmimeParseResultBuilder smimeParseResultBuilder, @NotNull MimeMessage mimeMessage) {
        OriginalSmimeDetailsImpl m4getOriginalSmimeDetails = smimeParseResultBuilder.m4getOriginalSmimeDetails();
        if (m4getOriginalSmimeDetails.getSmimeMode() != OriginalSmimeDetails.SmimeMode.PLAIN) {
            LOGGER.debug("checking who signed this message...");
            m4getOriginalSmimeDetails.completeWithSmimeSignedBy(getSignedByAddress((MimePart) mimeMessage));
            if (m4getOriginalSmimeDetails.getSmimeMode() == OriginalSmimeDetails.SmimeMode.SIGNED) {
                m4getOriginalSmimeDetails.completeWithSmimeSignatureValid(checkSignature(mimeMessage, m4getOriginalSmimeDetails));
            }
        }
    }

    private boolean checkSignature(@NotNull MimeMessage mimeMessage, @Nullable OriginalSmimeDetails originalSmimeDetails) {
        if (originalSmimeDetails == null) {
            return false;
        }
        LOGGER.debug("verifying signed mimemessage...");
        boolean verifyValidSignature = verifyValidSignature(mimeMessage, originalSmimeDetails);
        if (!verifyValidSignature) {
            LOGGER.warn("Message contains invalid S/MIME signature! Assume this emal has been tampered with.");
        }
        return verifyValidSignature;
    }

    private void decryptAttachments(@NotNull SmimeParseResultBuilder smimeParseResultBuilder, @NotNull List<AttachmentResource> list, @Nullable Pkcs12Config pkcs12Config) {
        LOGGER.debug("checking for S/MIME signed / encrypted attachments...");
        smimeParseResultBuilder.addDecryptedAttachments(decryptAttachments(list, pkcs12Config, smimeParseResultBuilder.m4getOriginalSmimeDetails()));
        if (list.size() == 1) {
            AttachmentResource attachmentResource = list.get(0);
            AttachmentDecryptionResult attachmentDecryptionResult = smimeParseResultBuilder.getDecryptedAttachmentResults().get(0);
            if (isSmimeAttachment(attachmentResource) && isMimeMessageAttachment(attachmentDecryptionResult.getAttachmentResource())) {
                smimeParseResultBuilder.m4getOriginalSmimeDetails().completeWith(determineSmimeDetails(attachmentResource));
                smimeParseResultBuilder.setSmimeSignedOrEncryptedEmail(attachmentDecryptionResult.getAttachmentResource());
            }
        }
    }

    private boolean isMimeMessageAttachment(AttachmentResource attachmentResource) {
        return attachmentResource.getDataSource().getContentType().equals("message/rfc822");
    }

    @NotNull
    private OriginalSmimeDetailsImpl determineSmimeDetails(AttachmentResource attachmentResource) {
        LOGGER.debug("Single S/MIME signed / encrypted attachment found; assuming the attachment is the message body, a record of the original S/MIME details will be stored on the Email root...");
        SmimeDetails smimeDetails = getSmimeDetails(attachmentResource);
        return OriginalSmimeDetailsImpl.builder().smimeMime(smimeDetails.getSmimeMime()).smimeSignedBy(smimeDetails.getSignedBy()).build();
    }

    @NotNull
    public List<AttachmentDecryptionResult> decryptAttachments(@NotNull List<AttachmentResource> list, @Nullable Pkcs12Config pkcs12Config, @NotNull OriginalSmimeDetails originalSmimeDetails) {
        ArrayList arrayList = new ArrayList();
        for (AttachmentResource attachmentResource : list) {
            if (isSmimeAttachment(attachmentResource)) {
                try {
                    LOGGER.debug("decrypting S/MIME signed attachment '{}'...", attachmentResource.getName());
                    arrayList.add(decryptAndUnsignAttachment(attachmentResource, pkcs12Config, originalSmimeDetails));
                } catch (Exception e) {
                    throw new SmimeException(String.format("Error unwrapping S/MIME enveloped attachment: %n\t%s", attachmentResource), e);
                }
            } else {
                arrayList.add(new AttachmentDecryptionResultImpl(OriginalSmimeDetails.SmimeMode.PLAIN, attachmentResource));
            }
        }
        return arrayList;
    }

    public boolean isSmimeAttachment(@NotNull AttachmentResource attachmentResource) {
        return SMIME_MIMETYPES.contains(attachmentResource.getDataSource().getContentType());
    }

    private AttachmentDecryptionResult decryptAndUnsignAttachment(@NotNull AttachmentResource attachmentResource, @Nullable Pkcs12Config pkcs12Config, @NotNull OriginalSmimeDetails originalSmimeDetails) {
        try {
            MimeBodyPart mimeBodyPart = new MimeBodyPart(new InternetHeaders(), attachmentResource.readAllBytes());
            mimeBodyPart.addHeader("Content-Type", restoreSmimeContentType(attachmentResource, originalSmimeDetails));
            AttachmentDecryptionResult attachmentDecryptionResult = null;
            SmimeState determineStatus = determineStatus(mimeBodyPart, originalSmimeDetails);
            if (determineStatus == SmimeState.ENCRYPTED) {
                attachmentDecryptionResult = getEncryptedContent(pkcs12Config, mimeBodyPart);
            } else if (determineStatus == SmimeState.SIGNED) {
                attachmentDecryptionResult = getSignedContent(mimeBodyPart);
            }
            return attachmentDecryptionResult != null ? attachmentDecryptionResult : new AttachmentDecryptionResultImpl(OriginalSmimeDetails.SmimeMode.PLAIN, attachmentResource);
        } catch (MessagingException | IOException e) {
            throw new SmimeException(String.format("Error unwrapping S/MIME enveloped attachment: %n\t%s", attachmentResource), e);
        }
    }

    @Nullable
    private AttachmentDecryptionResult getEncryptedContent(@Nullable Pkcs12Config pkcs12Config, MimeBodyPart mimeBodyPart) throws MessagingException, IOException {
        AttachmentDecryptionResult signedContent;
        if (pkcs12Config != null) {
            MimeBodyPart decrypt = SmimeUtil.decrypt(mimeBodyPart, retrieveSmimeKeyFromPkcs12Keystore(pkcs12Config));
            return (SmimeUtil.getStatus(decrypt) != SmimeState.SIGNED_ENVELOPED || (signedContent = getSignedContent(decrypt)) == null) ? new AttachmentDecryptionResultImpl(OriginalSmimeDetails.SmimeMode.ENCRYPTED, handleLiberatedContent(decrypt.getContent())) : new AttachmentDecryptionResultImpl(OriginalSmimeDetails.SmimeMode.SIGNED_ENCRYPTED, signedContent.getAttachmentResource());
        }
        LOGGER.warn("Message was encrypted, but no Pkcs12Config was given to decrypt it with, skipping attachment...");
        return null;
    }

    @Nullable
    private AttachmentDecryptionResult getSignedContent(MimeBodyPart mimeBodyPart) throws MessagingException, IOException {
        if (SmimeUtil.checkSignature(mimeBodyPart)) {
            return new AttachmentDecryptionResultImpl(OriginalSmimeDetails.SmimeMode.SIGNED, handleLiberatedContent(SmimeUtil.getSignedContent(mimeBodyPart).getContent()));
        }
        LOGGER.warn("Content is S/MIME signed, but signature is not valid; skipping S/MIME interpeter...");
        return null;
    }

    private String restoreSmimeContentType(@NotNull AttachmentResource attachmentResource, OriginalSmimeDetails originalSmimeDetails) {
        String contentType = attachmentResource.getDataSource().getContentType();
        if (contentType.contains("multipart/signed") && !contentType.contains("protocol") && originalSmimeDetails.getSmimeProtocol() != null) {
            contentType = String.format("multipart/signed;protocol=\"%s\";micalg=%s", originalSmimeDetails.getSmimeProtocol(), originalSmimeDetails.getSmimeMicalg());
        }
        return contentType;
    }

    @Nullable
    private AttachmentResource handleLiberatedContent(Object obj) throws MessagingException, IOException {
        if (!(obj instanceof MimeMultipart)) {
            LOGGER.warn("S/MIME signed content type not recognized, please raise an issue for " + obj.getClass());
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        MimeMessage mimeMessage = new MimeMessage((Session) null) { // from class: org.simplejavamail.internal.smimesupport.SMIMESupport.1
            protected void updateMessageID() throws MessagingException {
                setHeader("Message-ID", SmimeRecognitionUtil.SMIME_ATTACHMENT_MESSAGE_ID);
            }
        };
        mimeMessage.setContent((Multipart) obj);
        mimeMessage.writeTo(byteArrayOutputStream);
        return new AttachmentResource("signed-email.eml", new ByteArrayDataSource(byteArrayOutputStream.toByteArray(), "message/rfc822"));
    }

    private SmimeState determineStatus(@NotNull MimePart mimePart, @NotNull OriginalSmimeDetails originalSmimeDetails) {
        SmimeState status = SmimeUtil.getStatus(mimePart);
        return status != SmimeState.ENCRYPTED || originalSmimeDetails.getSmimeMode() == OriginalSmimeDetails.SmimeMode.PLAIN ? status : "signed-data".equals(originalSmimeDetails.getSmimeType()) ? SmimeState.SIGNED : SmimeState.ENCRYPTED;
    }

    @NotNull
    public SmimeDetails getSmimeDetails(@NotNull AttachmentResource attachmentResource) {
        return new SmimeDetailsImpl(attachmentResource.getDataSource().getContentType(), getSignedByAddress(attachmentResource));
    }

    @Nullable
    public String getSignedByAddress(@NotNull AttachmentResource attachmentResource) {
        try {
            InternetHeaders internetHeaders = new InternetHeaders();
            internetHeaders.addHeader("Content-Type", attachmentResource.getDataSource().getContentType());
            return getSignedByAddress((MimePart) new MimeBodyPart(internetHeaders, attachmentResource.readAllBytes()));
        } catch (MessagingException | IOException e) {
            throw new SmimeException(String.format("Error extracting signed-by address from S/MIME signed attachment: %n\t%s", attachmentResource), e);
        }
    }

    @Nullable
    public String getSignedByAddress(@NotNull MimePart mimePart) {
        try {
            return getSignedByAddress(determineSMIMESigned(mimePart));
        } catch (SmimeException e) {
            return null;
        }
    }

    public boolean verifyValidSignature(@NotNull MimeMessage mimeMessage, @NotNull OriginalSmimeDetails originalSmimeDetails) {
        return determineStatus(mimeMessage, originalSmimeDetails) != SmimeState.SIGNED || SmimeUtil.checkSignature(mimeMessage);
    }

    @NotNull
    private static SMIMESigned determineSMIMESigned(MimePart mimePart) {
        try {
            if (mimePart.isMimeType("multipart/signed")) {
                return new SMIMESigned((MimeMultipart) mimePart.getContent());
            }
            if (mimePart.isMimeType("application/pkcs7-mime") || mimePart.isMimeType("application/x-pkcs7-mime")) {
                return new SMIMESigned(mimePart);
            }
            throw new SmimeException(String.format("MimePart that was assumed to be S/MIME signed / encrypted actually wasn't: %n\t%s", mimePart));
        } catch (MessagingException | CMSException | SMIMEException | IOException e) {
            throw new SmimeException("Error determining who signed the S/MIME attachment", e);
        }
    }

    private static String getSignedByAddress(SMIMESigned sMIMESigned) {
        try {
            return IETFUtils.valueToString(getVerifier(getCertificate(sMIMESigned.getCertificates(), ((SignerInformation) sMIMESigned.getSignerInfos().getSigners().iterator().next()).getSID())).getAssociatedCertificate().getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
        } catch (Exception e) {
            throw new SmimeException("Error extracting subject from certificate to which it was issued", e);
        }
    }

    @Deprecated
    private static X509Certificate getCertificate(Store store, SignerId signerId) throws CertificateException {
        X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) store.getMatches(signerId).iterator().next();
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        jcaX509CertificateConverter.setProvider("BC");
        return jcaX509CertificateConverter.getCertificate(x509CertificateHolder);
    }

    @Deprecated
    private static SignerInformationVerifier getVerifier(X509Certificate x509Certificate) throws OperatorCreationException {
        JcaSimpleSignerInfoVerifierBuilder jcaSimpleSignerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder();
        jcaSimpleSignerInfoVerifierBuilder.setProvider("BC");
        return jcaSimpleSignerInfoVerifierBuilder.build(x509Certificate);
    }

    @NotNull
    public MimeMessage signMessageWithSmime(@Nullable Session session, @NotNull MimeMessage mimeMessage, @NotNull Pkcs12Config pkcs12Config) {
        return SmimeUtil.sign(session, mimeMessage, retrieveSmimeKeyFromPkcs12Keystore(pkcs12Config));
    }

    @NotNull
    public MimeMessage encryptMessageWithSmime(@Nullable Session session, @NotNull MimeMessage mimeMessage, @NotNull X509Certificate x509Certificate) {
        return SmimeUtil.encrypt(session, mimeMessage, x509Certificate);
    }

    private SmimeKey retrieveSmimeKeyFromPkcs12Keystore(@NotNull Pkcs12Config pkcs12Config) {
        if (!SIMPLE_SMIMESTORE_CACHE.containsKey(pkcs12Config)) {
            SIMPLE_SMIMESTORE_CACHE.put(pkcs12Config, produceSmimeKey(pkcs12Config));
        }
        return SIMPLE_SMIMESTORE_CACHE.get(pkcs12Config);
    }

    private SmimeKey produceSmimeKey(@NotNull Pkcs12Config pkcs12Config) {
        return new SmimeKeyStore(new ByteArrayInputStream(pkcs12Config.getPkcs12StoreData()), pkcs12Config.getStorePassword()).getPrivateKey(pkcs12Config.getKeyAlias(), pkcs12Config.getKeyPassword());
    }

    /* renamed from: decryptAttachments, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ SmimeParseResult m1decryptAttachments(@NotNull List list, @NotNull MimeMessage mimeMessage, @Nullable Pkcs12Config pkcs12Config) {
        return decryptAttachments((List<AttachmentResource>) list, mimeMessage, pkcs12Config);
    }

    /* renamed from: decryptAttachments, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ SmimeParseResult m2decryptAttachments(@NotNull List list, @NotNull OutlookMessage outlookMessage, @Nullable Pkcs12Config pkcs12Config) {
        return decryptAttachments((List<AttachmentResource>) list, outlookMessage, pkcs12Config);
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
